Privacy Policy

Effective date: February 13, 2024

See the prior versions of our Privacy Policy here.

This Privacy Policy explains how Simple.Life Apps Inc. (referred to as “we” or “us”) collects, stores, uses, and protects your personal data in connection with your use of our website simple.life, its related pages and our application “SIMPLE: your nutrition guide” (together referred to as the “Services”, and the application is usually referred to as the “App” or the “application”). This policy also explains the rights you have in respect of the personal data we hold about you and the practices we implement to protect your privacy.

If you do not want us to process your personal data as it is described in this Privacy Policy, please do not use our Services.

US State Supplements:

TABLE OF CONTENTS:

  1. What Personal Data We Collect and Why
  2. Personal Data Retention
  3. Your Data Protection Rights
  4. Security Measures
  5. Children’s Privacy
  6. Sharing of Your Personal Data
  7. Cross-Border Data Transfers
  8. Cookies, Software Development Kits, and Other Tracking Technologies
  9. Your Choices About Our Communications With You
  10. Contact Us
  11. Changes to Our Privacy Policy

1. WHAT PERSONAL DATA WE COLLECT AND WHY

When you use our Services, we collect the following data about you:

Purpose of collection and processingData categoriesCollection meansLegal basis for collection and processing
To provide core features of the App (it includes, but is not limited to, intermittent fasting plan preparation, food and water intake tracking, Avo communication, allostatic load calculation)

To verify user against existing requirementsProvision of premium features available at additional charge to the users
Unique user ID, meals and drinks tracking, symptoms tracking, health status, fasting schedule, weight, height, BMI, dietary patterns, activity patterns, device data, age, gender, uploaded photos

Premium users: payment data
You provide it to us

Unique user ID: we assign it to you automatically

Device data: collected automatically 
ContractConsent for special category data
Premium users: contract, consent and legal obligation for payments
To create your account with SimpleYour name, email address,  country, unique user ID, age, subscription data, device dataYou provide it to us

Unique user ID: we assign it to you automatically

Device data: collected automatically
Contract
We match the data about you with such an ID as a means of pseudonymization of your personal dataUserIDWe generate it automaticallyLegitimate interest
To connect Avo to your messenger apps (e.g., WhatsApp)Telephone numberYou provide it to usContract
To provide you with customer support and manage your accountName, email address, contents of communicationYou contact Simple support for help with the accountLegitimate interest
To review App content, feedback, and complaints raised to ensure medical safety and accuracy of the AppName, email address, contents of communicationYou contact Simple support or leave a public feedback / complaintLegitimate interest
To send you technical notices and updates, investigate incidents, and send security alerts. To send you support and administrative messagesName, email addressYou provide it to us during onboardingLegitimate interest
To integrate data between the website and the App in connection with the users onboarding (e.g., when you sign up for the Services on the Website, we use a third party, AppsFlyer, to help us identify you as an existing user when you use the App)Unique user IDWe generate it automaticallyLegitimate interest
Solely with respect to information you agree to share, we use it for Simple promotional purposes. If you have previously consented to it, you can disable the collection of the information by: For iOS device, go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > TrackingFor Android device, go to Settings app, navigate to “Privacy” > “Ads”, tap “Delete Advertising ID”*No special category data

IDFA or Android Advertising ID (whichever is applicable to your device)
IDFV
Country
IP address
Age group
Gender
Subscription status
App use information
Device details
Mobile network operator information
User clicks in particular ads
Collected automatically upon your consentConsent
To send you our special offers and insights*No special category data

Email, country, age, unique user ID, subscription status
You provide it to us during onboarding or collected automaticallyConsent

Where applicable — legitimate interest
We use it to enforce and/or defend our rights in case of claimsDetails confirming the existence of relationship between us and confirmation that relationship ended, if applicable (e.g., subscription order, payment confirmation, subscription cancellation, subscription price & duration, if you used the App)Collected automaticallyLegitimate interest

We call all the data listed above your “personal data”.

Other than with respect to your health data, we and third-parties we engage may use cookies, Software Development Kits (SDKs), and other tracking technologies to automatically collect the personal data set forth above. For more information regarding our use of these technologies, please see Section 8: Cookies, Software Development Kits, and Other Tracking Technologies.

Note about access to camera. When you choose to upload photos to the App, you will typically grant us permission to access your camera or your device’s photo library. You provide such a permission through the request that appears on your mobile device (it may differ depending on your device’s operating system). You can revoke the permission through the settings on your mobile device, and here’s how to do it.

If you use an iOS device:

  1. On your iPhone or iPad open the Settings app.
  2. Scroll down and tap “Privacy”.
  3. Tap “Camera” or “Photos”.
  4. Next to Simple, toggle the permissions switching on or off.

If you use an Android device:

  1. On your device open the Settings app.
  2. Tap “Apps”.
  3. Tap “Simple”. If you can’t find it, tap “See all apps”, then choose Simple.
  4. Tap “Permissions”.
  5. To change a permission setting, tap it, then choose “Allow” or “Don’t allow”.

Aggregated information. We may aggregate, anonymize, or de-identify your personal data so that it cannot be reasonably used to identify you. We may share such data with third parties such as academic research institutions or use the data for statistical purposes. For example, we may share or use general age and demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users in articles, blog posts, and scientific publications.

For certain targeted academic or user research studies, we will contact you and rely on your consent. You can withdraw your consent at any time by contacting us at [email protected].

Avo AI chatbot. The Avo AI chatbot supports you on your intermittent fasting journey, it will answer your questions and help you learn more about living a healthy lifestyle. Avo may be sending daily check-ins, troubleshooting issues that you may face, and providing recommendations for next actions. You may also be able to communicate with Avo through third-party messengers (e.g., via WhatsApp). 

The chatbot is powered by Microsoft Azure OpenAI Service, and Microsoft Azure and any other AI partners we may collaborate with in the future may have the right to moderate communications with the chatbot 

  • How do we use your personal data? Information shared with Avo, including your food preferences, health conditions and other personal data, will be used by Avo to provide relevant and safe responses to your requests. In addition, Simple specialists may read, access and process chat communications with Avo to improve the product and check that it communicates properly. We take measures to protect your confidentiality during that process: in particular, our specialists have no access to information about the account that is communicating with Avo. While communicating with Avo, do not provide any information that may directly identify you or any other people.
  • Where and how long are my conversations stored? All the conversations shared with Avo are stored on our Amazon Web Server (AWS) in the United States until you decide to delete these conversations.
  • How can I delete my conversations with Avo? You can delete chat contents with Avo at any time by sending us an email at [email protected].

2. PERSONAL DATA RETENTION

We retain your Personal Data for as long as your account is active or as needed for the purposes of processing. 

At any time, you can delete your account, as well as the Personal Data associated with it, in the App settings (go to profile settings, scroll down, and press the “Delete Account” button) or by sending a request to [email protected]. We will address your deletion request within one month after the request receipt. It may take us up to 90 days in some cases to complete full erasure of your personal data stored in our backup systems. If you choose to deactivate your account, Simple will generally delete your personal data, and it will not be recoverable should you later create another account.

Please note that we still may retain certain data about you if so needed due to applicable legislative requirements, any potential or ongoing dispute resolution, or in order to enforce our rights.

3. YOUR DATA PROTECTION RIGHTS

If you wish to exercise any of the rights you are entitled to under this Section, please contact us at [email protected].

EEA/UK residents. Individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (SI 2020/1586), as may be amended from time to time (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below.

  • Access to and portability of your Personal Data: You have a right to request information about whether we have any Personal Data about you, and to receive a copy of such Personal Data. To request data export, please contact us at [email protected] using the email address linked to your Simple account.
  • Correction and deletion of your Personal Data: You can log into your profile and update your information anytime. If you wish to close your account, you can do so through your account settings or by contacting us at [email protected] using the email address linked to your Simple account. Please note that we may still process some of your data even after honoring your deletion request, such as for the fulfillment of our legal obligations or for the defense from claims.
  • Restriction of processing: You also have the right to demand restriction of processing of your personal data, for example, if you contest the accuracy of the personal data which inaccuracy is verified by us.
  • Right to object to processing or otherwise using your Personal Data: Where we are processing your personal data based on our legitimate interest, you may object to the processing or otherwise using your personal data. If you opt-out from receiving marketing messages from us, we may still send you updates about your account and other technical notices.
  • Right to withdraw your consent at any time: Where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent at any time for future processing by contacting us at [email protected] with your email linked to your Simple account.
  • The right to lodge a complaint with your local data protection authority. Under GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authorities here, and the UK’s supervisory authority (ICO) here. If you have such concerns about our data protection activities, we kindly ask you to first contact us at [email protected], and we will do our best to resolve the issue.

Please keep in mind that in case of a vague request to exercise any of the aforementioned rights we may ask for more details if so needed to complete your request. If this is impossible, we reserve the right to refuse granting your request.

Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your user ID or some other proof of your identity) in order for you to invoke the mentioned rights. We do so to ensure that no right of third parties are violated by your request, and the mentioned rights are exercised by an actual data subject or an authorized person.

We will process your request within one month after receiving it. We may extend this period by up to an additional two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know as soon as possible. We will not discriminate against you for exercising your rights under the law.

4. SECURITY MEASURES

We use reasonable and appropriate information security safeguards to help keep your personal data secure and in an effort to protect it from accidental loss and unauthorized access, use, alteration and disclosure. This includes:

  • Encryption of your personal data
  • Systematic vulnerability scanning and penetration testing
  • Protection of data integrity
  • Organizational and legal measures: for example, our employees have different levels of access to your personal data and only access your personal data for limited and necessary purposes required for the operation of our Services.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we take measures to do our best to protect your personal data, we cannot guarantee the security of the collected information transmitted to or through our Services or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your personal data is at your own risk. We are not responsible for the circumvention of security measures contained in the App.

If you want to report a security incident related to our Services, please contact us at [email protected].

5. CHILDREN’S PRIVACY

Our Services are not intended for or directed at children under 18, and we do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow any such persons to use our Services (in accordance with the eligibility requirements under our Terms of Use).

If you are under 18, do not: (i) use or provide any information in our Services or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 18, please contact us at [email protected].

6. SHARING OF YOUR PERSONAL DATA

We may disclose the information we process about you, including your personal data, as follows:

  • We may share your personal data with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries (“Affiliates”). The Affiliates act as our data processors and may perform data processing on our behalf (e.g. providing technical support or conducting analytics). Such Affiliates are bound by appropriate contractual safeguards. Our Affiliates are: 
    • Palta People Ltd, based in Cyprus (data processor for internal processing activities)
    • Palta Poland sp. z o.o., based in Poland (data processor for internal processing activities)
    • Palta UK Ltd., based in the United Kingdom (data processor for internal processing activities)
    • Palta Software Ltd, based in Cyprus (data processor for the purpose of internal analytics)
  • We may disclose your personal data, and other collected information to third-party organizations such as contractors, business partners, service providers, and vendors that we use to support our business and who assist us in providing our Services. Such service providers may include: 
    • cloud provider Amazon Web Services (USA), which we use to store your personal data;
    • email delivery providers.
  • We disclose your personal data to Microsoft (USA) through Microsoft Azure OpenAI Service for Avo AI chatbot performance and safeguards.
  • We may disclose your personal data to third-party analytics providers and advertising partners or otherwise permit them to collect or access it. For more information, please see Section 8: Cookies, Software Development Kits, and Other Tracking Technologies.
  • We may disclose your personal data in the event that we or any of our Affiliates or lines of business is merged, acquired, divested, financed, sold, disposed of or dissolved, including in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation. In such cases, your personal data and any other collected information may be among the items sold, transferred, or otherwise disclosed as part of that transaction or proceeding.
  • We may disclose your Personal Data in response to legal requests and for purposes of preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

7. CROSS-BORDER DATA TRANSFERS

Simple.Life Apps Inc. is based in the United States (“US”). Personal data we collect is transferred to and processed in the US (where it is governed by the US law) and to other countries (where it is governed by the laws of those countries).

Transfers of personal data outside of the European Union, the European Economic Area, and the United Kingdom. Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.

Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on the UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.

8. COOKIES, SOFTWARE DEVELOPMENT KITS, AND OTHER TRACKING TECHNOLOGIES

When you use our Services, we and our service providers, vendors, and partners, including third parties, may use cookies (a small text file placed on your computer or mobile device to identify your computer and web browser) and other similar technologies to collect or receive certain information about you and/or your use of our Services. We also use third-party analytics tools like Google Firebase, AppsFlyer, and Amplitude to help us measure traffic and usage trends of our Services, as well as for other purposes. Such analytics tools collect information via third-party SDKs incorporated into the App, which includes information about features of the App you visit or use, your actions in the App, and information about your subscription. Such information may be used to provide content, advertising, or functionality. Third parties may also use such information for their own purposes. For the avoidance of doubt, we do not use health data for advertising purposes.

Interest-based Advertising. We may partner with ad networks and other ad-serving providers that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your use of the App over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.

Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so as to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Webchoices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and http://www.aboutads.info/appchoices for information on the DAA’s mobile app opt-out program. You can also opt out of receiving interest-based ads from members of the Network Advertising Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to your perceived interests.

For users in the European Economic Area, United Kingdom, and United States. You can manage the collection and processing of Personal Data via cookies, SDKs, and other tracking technologies by contacting us at [email protected].

You may find that some parts of the App may not function properly if you have refused cookies or similar tracking technologies, and you should be aware that disabling cookies or similar tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser specific.

9. YOUR CHOICES ABOUT OUR COMMUNICATIONS WITH YOU

If you are using our Services, you may receive electronic communications from us (e.g., by posting in-app notices, via push notifications or emails). We send some of these communications to you, such as those related to your subscriptions, technical and security notices, and updates to the Privacy Policy and Terms of Use, where necessary to perform our contract with you to provide the App or otherwise based on our legitimate interest in contacting you.

If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications, and push notifications about new products, features, or offers related to our Services.

Marketing & Promotional Emails. If you wish to stop receiving our promotional and marketing emails, you can do so by following the “Unsubscribe” links in any marketing email sent to you.

Push Notifications. If you wish to stop receiving push notifications, you can do so through your mobile device settings by tapping “Settings” -> “Notifications” -> Choose Simple – > press the toggle to allow or forbid push notifications from the App.

10. CONTACT US

General contact details. If you have any questions about this Privacy Policy, please contact us via email at [email protected].

Appointed EEA/UK representative. If you are a resident of the EEA or the UK and you have any questions about this Privacy Policy, please contact us via email at [email protected] or at our EEA/UK representative mailing address:

  • EEA representative: DPOEU LTD

13 Nikolaou Lazarou, 3020 Limassol, Cyprus

Email: [email protected]

  • UK representative: Palta UK Ltd

Sterling House Fulbourne ROA, Walthamstow, London, E17 4EE
Email: [email protected]

11. CHANGES TO OUR PRIVACY POLICY

The date this Privacy Policy was last reviewed is indicated at the top of the page. The Company may modify or update this Privacy Policy from time to time. Some changes do not require your consent or notification: for example, when we make changes for the sake of transparency, when we add a new purpose of processing that is compatible with the existing purposes, or a new processing activity that falls under the users’ reasonable expectations. However, if the changes made may pose risk to your rights and freedoms (for example, by including a new purpose of processing that is not compatible with the existing purposes of processing, a new legal basis, or a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users), we will ask for your consent to those changes separately from this Privacy Policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. This can negatively affect some of our Services provided to you if those Services inevitably require consent to the changes.